489a624ea613e5cd71837fcd59804124db5faa9f86a3e7790547649b4fcdd1a4 | Triage

Sharing

General

Target

489a624ea613e5cd71837fcd59804124db5faa9f86a3e7790547649b4fcdd1a4
Size

25KB
Sample

230818-z7zc4sff3v
MD5

ca835c40a948e53a99abe547585b991c
SHA1

cac6d79d0251cbc837f2db4fd00988d5295c4e49
SHA256

489a624ea613e5cd71837fcd59804124db5faa9f86a3e7790547649b4fcdd1a4
SHA512

f81a901d42e5a805c5bc5ddf0145350705d76bee7b532cfcf265413f5dda3201c9fef90b772bc0e487d5410b166516f2343b60c6b6494d86a5d04e2d9c75ae7d
SSDEEP

384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvh:8Q3LotOPNSQVwVVxGKEvKHrVh

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  489a624ea613e5cd71837fcd59804124db5faa9f86a3e7790547649b4fcdd1a4
- Size
  
  25KB
- MD5
  
  ca835c40a948e53a99abe547585b991c
- SHA1
  
  cac6d79d0251cbc837f2db4fd00988d5295c4e49
- SHA256
  
  489a624ea613e5cd71837fcd59804124db5faa9f86a3e7790547649b4fcdd1a4
- SHA512
  
  f81a901d42e5a805c5bc5ddf0145350705d76bee7b532cfcf265413f5dda3201c9fef90b772bc0e487d5410b166516f2343b60c6b6494d86a5d04e2d9c75ae7d
- SSDEEP
  
  384:qc0J+vqBoLotA8oPNIrxKRQSv7QrzVVvOytGxboE9K/mKHrjpjvh:8Q3LotOPNSQVwVVxGKEvKHrVh
Score

7^/10

persistence spyware stealer
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer